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REMARKS 

Claims 1-69 are pending; claims 20-25 and 33 have been amended in several particulars. 

A Petition under 37 CFR §1.144 traversing the restriction requirement was filed on 31 
December 2002. A decision on that Petition should be made before any further Office Action is 
mailed by the PTO. 

The Specification and Abstract have been amended in their entirety. No new matter has been 
entered. The amendment to the specification ensures that the reference numbers used therein 
correspond to the reference numbers in the drawings. 

The drawings were objected to for including reference numerals not mentioned in the 
specification. The attached amendment to the drawings and the amendment to the specification is 
believed to correct for the noted deficiencies. 

Additionally, the amended sbject matter removes redundant reference numbers not 
referencing similar illustrated elements. 

Accordingly, the objections should be withdrawn. 

Claim 33 was rejected under 35 U.S.C. §112, second paragraph based upon a deficiency 

kindly noted by the Examiner. The above amendment is believed to correct for the noted deficiency. 

Accordingly, the rejection should be withdrawn. 
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Claims 20, 22-27 and 29 were rejected under 35 U.S.C. § 1 02(e) as being anticipated by Kato 
*331. Claims 21, 28 and 33 were rejected under 35 U.S.C. §103(a), as rendered obvious and 
unpatentable, over Kato in view of Ginter et al. The Applicant respectfully traverses these rejections 
for the following reason(s). 

The present invention has a priority date of the 24 September 1998 based on the Korean 
Applications having Serial Nos. 1998/39808 and 1998/39809, filed earlier than the filing date of 5 
October 1998 of the Kato patent. Accordingly, Kato is not available as a reference under § 102(e) 
or § 103(a). 

Additionally, claims 20, 23 and 25 have been amended to indicate that identity characters of 
a user are transmitted from a terminal unit to a server in order to generate the key information used 
to encrypt and decrypt digital information. 

Kato does not disclose nor teach this feature with respect to the identity characters. 

Kato does not disclose nor teach a copvright protection protocol for copyright protection. 

Accordingly, claims 20, 22-27 and 29 are not anticipated under § 102(e) by Kato; and claims 
21, 28 and 33 are not obvious under § 103(a) in view of Kato and Ginter et al. 

The examiner is respectfully requested to reconsider the application, withdraw the objections 
and/or rejections and pass the application to issue in view of the above amendments and/or remarks. 
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Should a Petition for extension of time be required with the filing of this Amendment, the 
Commissioner is kindly requested to treat this paragraph as such a request and is authorized to 
charge Deposit Account No. 02-4943 of Applicant's undersigned attorney in the amount of the 
incurred fee if, and only if, a petition for extension of time be required and a check of the requisite 
amount is not enclosed. 



1522 K Street, N.W. 
Washington, D.C. 20005 
(202) 638-5740 

FoHo: P55501 
Date: 4/11/03 
I.D.: REB/MDP 



Respectfully submitted, 




Robert E. Bushnell 
Attorney for AppUcant 
Reg. No.: 27,774 
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APPENDIX 

A marked up version of the amended Abstract, Specification and Claims follows: 

AMENDED ABSTRACT 

A digital cryptograph and encryption [apparatus and method thereofl process encrypts and 
transmits [the] ina digital [content from the] format specific items of information requested by a user 
of a digital content transmission system by using [the] key [informtion] information , [the user] a 
user's key and [the] a temporary validation key, to decrypt and replay the [encryted] encrypted 
digital [content in] information at the [user] user's terminal by using die key mformation and the 
[user] user's authorization information, [ 

The] Each registere d subscribing user is provided with [a] unique key mformation.. The user 
key is generated by applying the key information to [the] a key generation algorithm [and the] . The 
temporary validation key [generated] that is created when the registered user accesses the server, is 
encrypted [by] with the user key. The digital [contents are encryted] information is encrypted by 
using the temporary validation ke y in an encryption algorithm . The decryption algorithm [gets] 
allows the user to decrypt and replay the encrypted digital [content by receiving] information upon 
receipt of the key information [which corresponds one-to-one] that has a one-to-one correspondence 
to the identity character s of the registered subscribing user . 
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TITLE 

[THE ] DIGITAL CONTENT [ENCRYPTION APPARATUS AND 
METHOD THEREOF] CRYPTOGRAPH AND PROCESS 

[BACKGROUND OF THE DESCRIPTION] 

CLAIM FOR PRIORITY 

This application makes reference to. incorporates the same herein, and claims all rights 
accruing thereto under 35 U.S.C. $119 through our patent applications entitled The Digital Content 
Encryption Apparatus And Method Thereof earlier filed on the 24*^ day of September 1998 in the 
Korean Industrial Property Office and there duly assigned Serial Nos. 1 998/39808 and 1 998/39809. 

FIELD OF THE INVENTION 

[1. Field of the invention ] 

The present invention is generally related to [the] encryption processes and apparatus [and 
the method thereof], and^ more particularly [to the encryption apparatus and the method thereof 
which encrypts and transmits the digital content from the digital content transmission system by 
using the key information, the user key and the temporary validation key, to decrypt and replay the 

-45- 



PATENT 
P55501 

encrypted digital content in the user terminal by using the key information and the user authorization 
information] , to processes and apparatus for the generation and use of kevs in the transmission and 
replay of digital information . 

BACKGROUND ART 

[2. Description of the Prior Art] 

Recently, [people live in the midst of] with the flood of information provided by various 
[kinds of] media such as broadcasting and press[. This atmosphere created the information providers 
interested in providing the integrated information covering all the media and also there appeared 
users who want to selectively get a specific digital content out of the digital contents provided by 
the information provider (IP). 

Accordingly, there appeared a digital content transmission system comprising] , an 
atmosphere has been created bv the information providers who [converts various information into 
the digital contents and stores this digital contents, and the users who are provided with this digital 
content from the IP by the network. 

The] are interested in providing integrated infomiation that covers all of the media. Other 
users want to selectivelv receive a specific item of digital information from the entire spectrum of 
information available from a particular information provider (IP). Accordinglv, a digital content 
transmission system has [provided] been formed bv the information providers who convert various 
types of information into digital form and store this digital information^ and the users subscribe to 
this digital information system from the information provider via the network. Digital information 
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transmission systems endow an application program with easy downloadability of the digital 
[contents] content . The user can get all the information [he wants] desired by [accessing the digital 
content system through the network and] using this application program[. 

The above mentioned digital contents are] to access the digital information system through 
the network. 

The digital information may be provided to the user either for pay or for free. In case of [the] 
paid digital [contents] information , the server [with] who provides the digital [content] information 
via the transmission system sets the service fee. The service server charges the user according to the 
quantity of information used when the digital information [when the charged digital content] is 
downloaded to the user. 

[However, in case the] MPEG software protocol for example, compresses audio files to a 
fraction of their original size, but has little perceptible affect upon the quality of the audio sound. 
MPEG software protocol is now widely used by Internet sites offering digitalized music, and is 
reported to be commonly used to offer digitalized versions of recorded music without the consent 
of the musicians. When a user is connected to [the] a server [which] that provides [the ] digital 
[content] information commercially [by the] via a network, [most] a few of the users [get an illegally 
copied and distributed digital content and this is very damaging] may be able to inadvertently or 
illegally copy the digital information, a practice that would be economically damaging to both the 
musicians and to the server [with a] who is running the digital [content] information transmission 
system. 

Currently, the server, as well as the musicians, can do little more than seek redress by 
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1 undertaking civil and criminal action in an effort to control the possibility of unlicensed reception 

2 of digital information. We have noticed that there is a need for a technique to preserve transmission 

3 security of revenue bearing information while restricting access to the information bv unauthorized 

4 entities and preventing unauthorized users from using any of the information that they may be able 

5 to illicitly obtain from the information provider bv restricting the ability of the unauthorized users 

6 to decrypting whatever information they manage to obtain via the system. 

7 SUMMARY OF THE INVENTION 

8 [The] It is therefore, one object of the present invention [is aimed at providing the digital 

9 content encryption apparatus and method thereof, which encrypts and transmitts the digital content 

10 from the digital content] to provide improvements in cryptographic processes and apparatus. 

n It is another object to provide digital encryption processes and apparatus able to encrypt and 

12 transmit digital information received from a transmission system, bv the use of multiple 

13 cryptographic keys. 

14 It is still another object to provide digital encryption processes and apparatus for generating 

15 and using multiple cryptographic keys during the transmission of digital information to a user. 

16 It is yet another object to provide digital encryption processes and apparatus that employ user 

17 information in the generation and use of multiple cryptographic keys during the transmission of 

18 digital information to the user. 

19 It is still yet another object to provide digital encryption processes and apparatus able to 

20 encrypt and transmit digital information obtained from a transmission system by using [the key 
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1 informtion, the user key and the] multiple cryptographic keys, and to decrypt and play the digital 

2 information at the terminal of the user by using a plurality of keys, one of which is common to the 

3 multiple keys. 

4 It is a further object to provide digital encryption processes and apparatus able to encrypt and 

5 transmit digital information obtained from a transmission system by using key information, a user's 

6 key, and a temporary validation key, and to decrypt and [replay] play the [encryted ] digital [content 

7 in] information at the terminal of the user [terminal] by using the key information and [the] user 

8 authorization information. 

9 It is a still further object to provide encryption, transmission and reception protocols enabling 

10 encryption, transmission and decryption of digital information received from a transmission system. 

11 It is a yet further object to provide encryption, transmission and reception protocols enabling 

12 encryption and transmission of digital information received from a transmission system by using 

13 multiple keys to encrypt the digital information, and decryption and replay of the digital information 

14 at the terminal of the user by using a plurality of keys, one of which is common to the multiple keys. 

15 It is a still yet further object to provide encryption, transmission and reception protocols 

16 enabling encryption and transmission of digital information received from a transmission system, 

17 by using key information, a user's key, and a temporary validation key, and decryption and replay 

18 of the digital information at the terminal of the user by using the key information and user 

19 authorization information. 

20 [Also, another purpose of this invention is to provide the digital content encryption 

21 communication protocol formed into a predetermined format for encryption of the digital content, 
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according to which protocol the terminal unit decrypts the encrypted digital content. 

To achieve the above-mentioned objects, a digital content encryption apparatus of the digital 
content transmission system comprises a terminal unit downloading and storing encryption key 
information requested by a user after the user registers member information including] It is also an 
object to provide a more secure cryptograph and process for transmitting information to a terminal 
of a user who has requested the information. 

It is also a further object to provide a cryptograph and process that reliably restricts the ability 
of a registered subscriber who has validly obtained information from an information provider^ to 
deliver that information to another entity in a readily usable form. 

These and other objects may be attained with an encryption process and apparatus that 
enables a user to request transmission of items of digital information to the user's terminal unit: prior 
to transmission of the items requested however, the user must register membership information that 
includes the user's identity characters, [said] with the server that controls the transmission of the 
digital information. The server generates encryption key information in correspondence with the 
user's identity characters that have been received from the terminal unit. The server fiimishes, and 
the terminal unit [decrypting a downloaded digital content using a decryption algorithm] downloads 
an d stores the encryption key information [to replay the digital content, and a service server 
generating] that is received bv the terminal unit in response to the request by a user for the digital 
information from the server. The server encrypts the digital information with the encryption key 
information [corresponding to the identity characters from] and the terminal unit[, said service server 
transmitting the encryption key information to the terminal unit, said service server encrypting the 
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digital content using the encryption key information, said terminal unit downloading the encrypted 
digital content from the service server. 

A digital content encryption apparatus of the digital content transmission system according 
to] decrvpts the digital information received from the server by using a decrvption algorithm in 
conjunction vyith the encryption information, and replays the decrypted information. 

One embodiment of the present invention [comprises] contemplates a protocol format to 
maintain the copyright protection of the digital information, with a header field and an encrypted 
digital information field. The server uses a cryptograph with a protocol format generator [for 
generating a] that fiimishes the copyright protection protocol format[, said protocol format generator 
generating] and a [user] user's key for encrypting a temporary validation key using a key generation 
algorithm [and key information, said] . together with the encryption key information [bemg 
generated according] that corresponds t o the identity characters of [a] Ae user[, said] . The protocol 
format generator [generating] provides a heade r for the protection protocol format by using the [user] 
user's key to generate a temporary validation key[, said] . The protocol format generator [adding] 
adds to the header encrypted digital [content] information that has been encrypted [by] with the use 
of the temporary validation key [to the header] in order to [generate] form the copyright protection 
protocol format[, and means for decrypting the copyright protection protocol format, said means 
receiving the generated copyright protection protocol format generated from the protocol format 
generator and then decrypting it using] . The terminal unit uses the key information and a decryption 
algorithm to decrypt [a user] the user's key and [a] the temporary validation key, [said means 
decrypting] and decrypts the [encrypted digital content] copyright protection protocol format by 
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1 using the temporary validation key. 

2 [A protocol format for copyright protection of digital content according to the present 

3 invention includes a header field and an encrypted digital content field.] 

4 BRIEF DESCRIPTION OF THE DRAWINGS 

5 A more complete appreciation of this invention, and manv of the attendant advantages 

6 thereof, will be readily apparent as the same becomes better understood bv reference to the following 

7 detailed description when considered in conjunction with the accompanying drawings in which like 

8 reference symbols indicate the same or similar components, wherein: 

9 Fig. 1 is a schematic block diagram [showing] illustrating one embodiment of [the] a digital 

10 content encryption/decryption apparatus constructed according t o the principles of the present 

11 invention; 

12 Fig. 2 is a [drawing] schematic block diagram illustrating one embodiment of the terminal 

13 unit [of] shown in Fig. 1 ; 

14 Fig. 3 is a schematic block diagram [showing] illustrating another embodiment of the digital 

15 content encryption apparatus [of] shown in Fig. 1 ; 

16 Fig. 4 is a [drawing] schematic block diagram illustrating [one] another embodiment of the 

17 terminal unit [of] shown in Fig. [3] 1; 

18 Fig. 5 is a schematic block diagram [showing the detailed functioinal sutructure of the digital 

19 content encryption apparatus of] illustrating greater detail of the embodiment of a digital content 

20 encryption apparatus shown in Fig. 1 ; 

-52- 




PATENT 
P55501 

1 Fig. 6 is a schematic b lock diagram [showing the detailed functiomal sutructure of the digital 

2 content encryption apparatus ofj illustrating greater detail of the embodiment of a digital content 

3 encryption apparatus shown in Fig. 3; 

4 Fig. 7 is a flow chart illustrating the operation of [the] a service server as applied to the 

5 embodiment shown in Fig. 3; 

6 Fig. 8 is a flow chart illustrating the operation of [the] a host server as applied to the 

7 embodiment shown in Fig. 3: 

8 Fig. 9 is a schematic block diagram [showing] illustrating the [functional structure of the 

9 digital content encryption apparatus according to] operational relation between the protocol format 

10 encoder and protocol format decoder in accordance with the principles of the present invention; 

1 1 Fig. 10 is an illustration of [the] a protocol format as may be applied t o the practice of the 

12 present invention; 

13 Fig. 1 1 [shows] is an illustration of another embodiment of a protocol format as may be 

14 applied to the practice of the present invention: 

15 Fig. 12 is an illustration of a header field that may be applied to the protocol [format of Fig. 

16 10; 

17 Fig. 12 illustrates the header field applied to Fig] formats shovm in Fig . 10 and in Fig, 11; 

18 Fig. 13 [shows] is an illustration of another embodiment of [the header field of Fig. 12; 

19 Fig. 14 illustrates the] a header field that may be applied to the protocol formats shown in 

20 Fig. 10 and in Fig. 11: 

21 Fig. 14 is an illustration of an unencrypted header field [applied to Fig] suitable for the 
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1 header fields shown in Fig . 12 andjn Fig. 13; 

2 Fig. 15 [shows] illustrates another embodiment of [the] an unencrypted header field [of] 

3 suitable for use as the header fields in Fig. 12 and in Fig. [14] 13: 

4 Fig. 16 illustrates [the detailed] a format of user authorization information [applied to Fig. 

5 14 and Fig. 15; 

6 Fig. 17 is a drawing illustrating the detailed] suitable for application to the unencrypted 

7 header field [applied to Fig. 12 and Fig. 13; 

8 Fig, 18 is a flow chart illustrating the method of generating the protocol applied to] shown 

9 in Figs. 14 and 15: 

10 Fig. 17 illustrates the details of a header field as may be used in the header fields shown in 

11 Figs. 12 and 13: 

12 Fig. 18 illustrates a flow chart for one process of generating a protocol in the practice of the 

13 present inyention; 

14 Fig. 19 [is] illustrates a flow chart [illustrating the method] for one process of generatmg 

15 [the] a header [applied to] in the process shown by Fig. 1 8; 

16 Fig. 20 [is] illustrates a flow chart [illustrating the method] for one process of generating 

17 [the] user authorization information [applied to Fig. 19; 

18 Fig. 21 is a flow chart illustrating the method] in the process shown by Fig. 19: 

19 Figs. 21 A and 2 IB illustrate a flow chart for one process of decrypting and [replaying the 

20 encrypted] playing digital [contents according to] information in the practice of the present 

21 inyention; 
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1 Fig. 22 [illustrates schematically the structure of the replaying device applied to Fig. 1 and 

2 Fig. 3; and 

3 Fig. 23 is a flow chart illustrating the method of decrypting the encrypted digital contents. 

4 ] is a schematic block diagram illustrating one embodiment of a player suitable for broadcasting 

5 digital information transmitted by the embodiments shown by Figs. 1 and 3: and 

6 Figs. 23A and 23B illustrate a flow chart for another process of decrypting digital 

7 information in the practice of the present invention. 

8 DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS 

9 [The] Embodiments of the present invention [will now be described in detail referring to the 

1 0 accompanying drawings, 

1 1 The] contemplate the use of three keys in order to encrypt and decrypt digital information 

12 such as audio material like recorded music, and audio and video material. Practice of embodiments 

13 of the present invention [uses] may use three keys in order to encrypt and decrypt the digital 

1 4 [contents, which] information. 

15 The first of these keys [are explained below in detail. 

16 First,] is key informatio n that is generated in the host server in response to the request of the 

17 service server when the user to be p rovided with the digital [contents] information i s found to be 

18 unregistere d with the host server . The [generated] key informatio n that is then generated is stored 

19 in the user's terminal unit after [transmitted] being received by the terminal unit from through the 

20 service server. [ 
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In case of the] If a particular digital content transmission system [which] combines the host 
server and the service server, the key information can [be] also be generated [in] hx the service 
server. [ 

] The key information is used [as means for getting] to generate a temporary validation key 
in the decryption process as well as in the [encrytion] encryption process. Also, [it] the key 
information is used [as means for ascertaming] to ascertain whether the user is [authrized] authorized 
to download and replay the encrypted digital [contents] information in the user's terminal unit.[ 

] The key mformation is preferably generated by using random numbers and makes a.one-to- 
one correspondence [with] that may be unique to the user. Once generated, [it] the key information 
is stored in the database of the host server with the user's [characteritic charatersi characteristic 
characters . The size of the key information is [preferred to be 128 bytes. 

Second, a user key] preferably one hundred and twenty-eight (128) bytes. 

A second of these keys is a user's key that is used for encrypting and decrypting the 
temporary validation key in the user authorization information of [the] a header. [It] The user's key 
is generated by applying the [forementioned ] key information to [the] a key generation algorithm^ 
an d the user's key is used for generating and confirming the user's authorization information. [ 

] The [user] user's authorization information indicates a hash value [of] for the user ke y that 
is generated by using the key information. When [a] the hash value of the Fuserl user's ke y that is 
generated from the key information [of] for the user [proves] is determined to be the same as [a] the 
hash value in the [use authority of] user's authorization information found in the header, the user is 
considered [authrized] to be authorized to replay the encrypted digital [contents] information . 
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[To sum up] In summary , the [user] user's key is generated by using the key information^ and 
used [for encryting] to encrypt the temporary yalidation key included [into] among the [user] user's 
authorization information [of] that is placed in the [headerm] header , [It] The user's key is also used 
by the user to decrypt the encrypted temporary yalidation key, which is used to decrypt the encrypted 
digital [contents] information . [ 

Here the] The hash has [features] the adyantageous feature of always [getting] proyiding 
the same output from the same input [and neyer inferring] without ever permitting the inpu t to be 
inferred from the output[, which features the present invention puts its basis on] . 

Third, a temporary validation key is used for encrypting a part of the digital [contents] 
information and the header. It is preferably generated by using random numbers and its size is 
determined to be a multiple of [8] eight (8) bytes. [It is preferred to be 8 byte in] In the practice of 
the present invention[. 

The] .the temporary validation key [has a] is preferably eight (8) bvtes. One featur e of the 
present invention is that two temporary validation keys with the same content [are] will not be 
generated. For [instance] example , the temporary validation key [can] may be generated according 
to the time when the user accesses the service server. Accordingly, [even] the same user [has the] 
will receive different temporary yalidation keys [according to his access time.] . with each of the 
temporary validation keys corresponding to a different access time of the user. The temporary 
validation [key exists] keys remain valid only while the user [accesses] is in the process of accessing 
the system, that is, temporarily. 

[The] In addition to algorithms for encrypting revenue bearing information supplied bv the 
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1 information providen and aleorithms enabline an authorized user to decrypt the information obtained 

2 from the information provider via the system, the present invention [uses] contemplates the use of 

3 a plurality of other algorithms: these algorithms include a key generation algorithm, a digital content 

4 encryption and decryption algorithm, and a hash algorithm. 

5 The first of these algorithms, [which include] tfie key generation algoritiim, [hash algorithm, 

6 and digital content encryption/decryption algorithm. 

7 The key generation algorithm] generates the [user] user's key by using the key information 

8 from the host server. In [case of] those systems where the host serverjs separate from ttie service 

9 server, [it] the key generation algorithm is included in the service server. 

10 The second algorithm, the d igital content encryption and decryption algorithm^ is also 

1 1 [indued] included in the service server and [generates] is used by the service server to generate the 

1 2 header information to encrypt the digital [contens] information that has been requested by the user . 

13 The third algorithm, the hash algorithm^ is used [when] to generate the [use autorization] 

14 user's authorization information [is generated] by using the [user] user's key in the service server 

15 [or when it] . and is [ascertained] used to make a determination about whether the user is 

16 authorized[. 

1 7 To describe the digital content briefly] to receive the digital information that the user has 

18 requested from the information provider via the system. 

19 The digital information that is requested by the user is sometimes referred to in this 

20 specification as digital content. Briefly , the digital [content means a sort of data, e. g., music data,] 

21 information is some sort of data such as music or a literary composition, that has been converted into 
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digital [signal which is] signals that are stored in the form of a single file. The user [can] may select 
the digital [content] information that has been stored in the form ofa file through the networ k, and 
then access and read or listen to [it by using a PC with] the digital information by using a personal 
or laptop computer with the aid of an application program for [communication or a replaying device 
connected to the PC. 

The digital content includes all] network communication and a device such as compact disk 
drive or a DVD that is either incorporated into the computer or is connected as a peripheral accessory 
to the computer, for replaying the digital information. The digital information includes all of the 
information [convertible] that has been converted into the digital data by the information p rovider 
[to be] and stored in the form of file, such as a magazine, a book, a dictionary and a drawing or 
illustration, as well as a song. 

[Fig] Figs . 1 [is a] and 2 are schematic block [diagram] diagrams showing one embodiment 
of the digital content [encryption/decryption] encryption and decryption apparatus constructed 
according to the principles of the present invention. [ 

The terminal] Terminal unit 10 transmits the user's identity characters and receives and 
stores the key information[, which] that is generated [in the] by service server 12 [and corresponds 
to] in correspondence with the identity characters[. It is also received from the] furnished bv the 
user's terminal unit 10. The key information is received from service server 12 along with the 
protocol [with] mid the encrypted digital [contents] information requested by the user[, and] . 
Terminal unit 10 decrypts and replays [it] the digital information by using the stored key information 
and the decryption algorithm. 
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[The service] Service server 12 generates the header with the [user] user's authorization 
information including the temporary validation key that has been encrvpted [by] with the [user] 
user's key[, and adds the encryted digital content to the header] . Service server 12 then adds the 
encrvpted digital information to the header in order to generate the protocol for copyright protection. 
The protocol for copyright protection is transmitted to the user's terminal unit 10 through the 
network. 

[The] As illustrated by Fig. 2> terminal unit 10 [is] may be constructed with a personal 
computer [(PC) 1 la connected to the Internet. Also, the terminal unit 10 is applicable to any kind 
of apparatus equipped with a communication program for connection to the Internet. The good 
examples of the foregoing terminal unit 1 0 would be digital TV, cellular phone and web videophone. 
For example, the terminal unit with a network access program can be connected to a public switched 
telephone network or a wireless network. 

Fig. 2 is a drawing illustrating one embodiment of the terminal unit of Fig. 1, where a 
terminal unit 10 is composed of a] PC 1 la equipped with the conventional conmiunication device 
and a [replaying device 1 lb. The PC 1 la and replaying device 1 lb arel peripheral or mtemal device 
1 lb for replaying the digital information. Computer 1 1 a and replay device 1 lb mav be provided with 
a plurality of decryption [algorithm] algorithms. Terminal unit 10 mav be a personal computer (PC^ 
or a laptop computer 1 la connected to the Internet. Generally, terminal unit 10 may be any kind of 
a pparatus equipped with a communication program and communication device that enables 
connection with the Internet. Examples of communication devices that may be incorporated into 
computer 1 la of terminal unit 10 are digital televisions, cellular telephones and web videophones. 
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For example, when computer 1 1 a is equipped with a network access program, terminal unit 1 0 may 
be connected to either a public switched telephone network or a wireless network . 

[The] Computer PC 1 la receives the key information from [the ] service server 12 and stores 
[it. Also, ] th e key information. Computer PC 11 a also receives the protocol [including] that 
includes the encrypted digital [contents] information and [records] stores the digital information in 
a long-term storage medium such as a hard disk (e.g. , a HDD (hard disk drivel) . [It] Computer 11a 
also generates the [user] user's key by using the stored key information, decrypts the temporary 
validation key by using the generated [user] user^ key, and decrypts the encrypted digital [contents] 
information by using the encrypted temporary validation key. _As a result, the [encrypted] decrypted 
digital [contents are] information may be replayed through either a video display or an audio device 
[equipped by the PC] of computer Ua [even without an additional] independently of any other 
internal or peripheral replaying device 1 lb. 

[The replaying] Replay device 1 lb receives the key information and the encrypted digital 
[contents] content from the PC 11a and decrypts the encrypted digital [contents] content by using 
the stored decryption algorithm. [ 

The replaying] Replay device 1 lb [is] maybe either portable or stationary [type according 
to] . depending upon the type of [the] jte storage media. 

[The service] Service server 12 generates key information [corresponding to] that is based 

upon the identity characters of the user that have been transmitted from [the] terminal unit 10, stores 

the key information with the identity characters, and transmits [it] the key information to [the] 

computer 11a of terminal unit [in case] 10 when the user requests the key information. [The service] 
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Service server 12 generates the temporary validation key in response to the user's request. uses the 
key information to generate the user's kev. and g enerates the [user key by the key inforamtion] 
user's authorization information from the temporary validation key encrypted by using the user's 
key and the hash value of the user's key. Service server 12 also adds the digital information that has 
been encrypted bv the encryption algorithm, to the header containing the user's authorization 
information in order to form the copyright protection protocol, and then transmits the copyright 
protection protocol to terminal unit 10. 

Service sanction agent server 14 of Figs. 1 and 2 receives a signal from service server 12 
related to the digital information fees for downloading the digital content from service server 1 2. and 
charges the user bv accumulating these fees for the registered user. 

Preferred identity characters that define the user may be the user's social security number, 
the user's driver license number or the user's resident registration number, but any set of characters 
may be used that, tend to uniquely identify the user in the manner of the driver's license number. 

Figs. 3 and 4 are schematic block diagrams showing another embodiment suitable for the 
practice of the present invention. The explanation related to terminal unit 20. computer 22a. 
replaying device 21b and service sanction agent server 24 will be omitted because these components 
were described in the discussion about the embodiments illustrated bv terminal unit 10. computer 
1 la. replay device 1 lb and service sanction agent server 14 of Figs. 1 and 2. Preferably, the service 
server, the host server and the terminal unit are implemented with microprocessor based computers 
and their attendant operating and data memories. 

Service server 22 transmits to host server 23 a request signal that asks for key information 
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that corresponds to the identity characters transmitted bv the user from terminal unit 20. In response 
to reception of the request signal host server 23 transmits the key information to the service server 
22. and the key information is then transmitted to terminal unit 20. Service server 22 also transmits 
the key information to terminal unit 20 in response to the user's request. 

Service server 22 generates a temporary validation key in response to the user's request, uses 
the key information to generate the user key , and generates the user authorization information from 
the temporary validation key encrypted by using the [user] user's key and [a] tiie hash value of the 
[user] user's key. [It also] Service server 22 adds the digital [contents] information encrypted by 
the encryption algorithm to the header [with] containine the [user] user's authorization information 
in order to form the copyright protection protocol^ and then transmits [it to the terminal unit 10. ] 
[ The service sanction agent server 14 receives the signal related to the digital content fees for 
downloading the digital content from the service server 1 2 and charges the user by accumulating the 
digital content fees of the registered user. ] 
[ The identity characters are preferred to be the user's resident registration number, but any 
characters would be available only if they can identify the user like driver's license number. ] 
[ Fig. 3 is a schematic block diagram showing another embodiment of the digital content 
encryption apparatus of Fig. 1 . The explanation related to the terminal unit 20, the replaying device 
21b and the service sanction agent server 24 will be omitted since they were described in the Fig, 

1. ] 
[ The service server 22 transmits to the host server 23 the request signal for the key 
information corresponding to the identity characters transmitted from the terminal unit 20. 
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According to the request signal, the host server 23 transmits the key information to the service 
server, which key is then transmitted to the terminal unit 20. ] 
[ Also, the service server 22 transmits the key information to the terminal unit 20 in response 
to the user's request. The service server 22 generates the temporary validation key in response to the 
user's request, generates the user key by the key inforamtion, and generates the user authorization 
information from the temporary validation key encrypted by using the user key and a hash value of 
the user key. It also adds the digital contents encrypted by the encryption algorithm to the header 
with the user authorization information to form] the copyright protection protocol [and then 
transmits it ] to [the] terminal unit 20. 

The host server 23 generates the key information corresponding to the identity characters 
transmitted from [the ] service server 22 and stores [it] the key information together with the identity 
characters, and then [transmitting it to] transmits the key information to service server 22 in response 
to the request signal [of the] generated by service server 22. 

In [Fig] the embodiments of Figs . 1 -4. [and Fig. 3, the] service [server] servere 12 and 22 
[can have a digital content list, with which the digital content provider can inform the user of the 
digital content he retains and the user is easy to] may provide the user with a list or menu of digital 
information that is available from the information provider via service servers 12. 22. This enables 
the user to easily select the digital [content he wants. For example, the digital content list would be 
the title of the song, the name of singer etc.] information that the user wants. For example, if the 
digital [content is music data] information is music, the content list may, for example, be the titles 
of songs or the names of the singers, artists or composers . 
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Fig. 5 is a block diagram showing the detailed [fiinctioinal] functional structure of the digital 
[content encryption apparatus] cryptograph of Fig. 1, [where] with the functional structure of and 
the interrelation between [the] a service server and [the] a terminal unit [are ] being shown. [ 

As] [shown in Fig. 5, the terminal] Terminal unit 200 [comprises] may be functionally 
constructed with an interface 201, a [use authority] user authorization identifier 202, a temporary 
validation key decryptor 203, and a digital content decryptor 204. 

The interface 201 receives the key information that has been generated [corresponding to] 
by service server 210 in dependence upon the user's identity characters. [The use authority] User 
authorization identifier 202 [generates] obtains the [user] user's key after reading the header of the 
copyright protection p rotocol received from [the ] service server 210^ and then [identifies] 
determines whether the user is authorized to receive digital information b v analyzing the [user] 
user's authorization information with the user's key that has been g enerated [user key] . [The 
temporary] Temporary validation key decryptor 203 decrypts the temporary validation keyby using 
the [user] user's ke y provided by user authorization identifier 202 . [The digital] Digital content 
decryptor 204 decrypts the encrypted digital [content] information received with the copyright 
protection protocol by using the temporary validation key decrypted by [the ] temporary validation 
key decryptor 203. 

[The service] Service server 210 [comprises] may be constructed with an interface 218, 
database 21 L key information generator 212, a user key generator 213, a temporary validation key 
generator 2 1 4, a user authorization information generator 2 1 5, a header generator 2 1 6, and a protocol 
format generator 217. 
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1 [The interface] Interface 218 receives the identity characters [input] received from [the] 

2 terminal unit 200. [The key] Kev information generator 212 determines whether the identity 

3 characters [input from the] received bv interface 218 exist [in the] among the sets of identity 

4 . characters belonging to registered subscribers that are stored in database 211, and then generates the 

5 key information. 

6 [The user] User key generator 213 generates the [user] user's key by applying the key 

7 information to the key generation algorithm. The temporary validation key generator 2 1 4 generates 

8 the temporary validation key when the user accesses [the ] service server 2 1 0 through [the] interface 

9 2 1 8 and requests [the] some item of digital [contents] information . 

10 [The user] User authorization information generator 2 1 5 generates the [use authoritvl user's 

1 1 authorization key information by encryptmg the temporary validation key Fusing] with the use of the 

12 Fuserl user's kev generated by [the] userkey generator 213 and then using the [user] userls key and 

13 the encrypted temporary validation key. 

14 [The header] Header generator 216 generates [the] a heade r for the copvright protection 

15 protocol bv using the [user] user's authorization information and additional information necessary 

16 for encryption. [The protocol] Protocol format generator 217 generates the copyright protection 

17 protocol by adding the encrypted digital [content] information to the header generated by [the] 

1 8 header generator 216. 

19 The operation of the digital content [encryption/decryption apparatus of Fig. 5 would be 

20 described below briefly. 

2 1 When the user inputs] cryptograph that is functionally illustrated bv Fig. 5 contemplates that 
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when the user transmits his, or hen identity characters together with a request to receive digital 
information from service server 2 1 0. the identity characters [in order to get the digital contents from 
the] are received bv service server 21 0[, the service server 210 receives them] through the interface 
218 and [outputs them] a pplied to [the] key information generator 212. 

[Then, the ] Kev information generator 212 makes a determination of whether an identical 
set of identity characters exists among the identity characters of subscribers that are registered within 
the memory of database 211. Based upon the result of that determination, kev information generator 
212 [determines whether the identical ones with the input identity characters exist among the identity 
characters registered to the database 211. According to the result of determination, the key 
information generator 212 generates the] either generates new key information [corresponding] that 
corresponds to the identity characters [to transmit the] and applies that new key information to [the] 
user key generator 2 1 3 or transmits to user key generator 2 1 3 the registered key information [to] for 
the user [key generator 213] that has been read from database 211 . 

[The user] User key generator 213 generates the [user] user's key by applying the key 
information to the key generation algorithm^ and then [outputs] furnishes the [user] user's key to [the 
key] user authorization information generator 215.[ 

The temporary] Temporary validation key generator 2 1 4 generates the temporary validation 
key in response to the user access signal that is input through [the ] interface 218^ and inputs [it to 
] the [key information generator 215. 

The] temporary validation kev to user authorization information generator 215 [calculates 

the] . User authorization information generator 215 determines, as. for example, bv calculation, a 
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1 hash value by applying the [user] user's key to the hash algorithm, then encrypts the temporary 

2 validation key by_using the [user] user's key[, and] . Generator 215 generates the [user] user's 

3 authorization information from a set of the hash value and the encrypted temporary validation key. 

4 The [generated user] user's authorization information fumished bv generator 2 1 5 is [input] a pplied 

5 to [the] header generator 21 6[. 

6 The header generator 2 1 6] , which adds the user authorization information to the header and 

7 then [outputs it to] provides the header to protocol format generator 217.[ 

8 The protocol] Protocol format generator 2 1 7 forms th e copyright protection protocol format 

9 by adding the encrypted digital [content] information to the header and then transmits [it] the 

10 copyright protection protocol to th e user's terminal unit 200. 

1 1 Fig. 6 is a block diagram showing the detailed [functioinal] functional structure of the digital 

12 [content encryption apparatus] cryptograph of Fig. 3, [where] with the functional structure of and 

13 the interrelation between [the ] service rserver] server 110 , [the] host server 120 and [the] terminal 

14 unit [are] 100 being schematically shown.[ 

15 In] [Fig. 6, the key] Key information generator [111] 121 and [the ] database 122 belong 

16 to [the ] host server 120. ..Also, [the] user key generator 111, [the ] interface [115] 116, [the] 

17 temporary validation key generator 1 12, [the] user authorization information generator 113, [the ] 

18 header generator 1 14, and [the] protocol format generator [1 14] 115 belong to [the ] service server 

19 110. [Description about the operation of each unit will be omitted, as the operation of each unit] 

20 The functional operation of these components is the same as [in case of Fig. 5. 

21 In the above, the] the like components described in the discussion about the embodiment 
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1 represented by Fig. 5. 

2 The illustration of the present invention in the foregoing paragraphs was made mostly 

3 [referring to the PC user. However, it can be applicable] bv reference to the user of a personal 

4 computer. The principles discussed however, may be applied to any kind of device equipped with 

5 a communication program and a [decrytion] decryption algorithm. [] 

6 Fig. 7 is a flow chart illustrating the operation of the service server and/or the host servers 

7 shown in Figs. 1-6. when digital information is fumished to a user who was previously unregistered 

8 with the database of subscribers maintained by the service [server applied to Fig. 3, which is related 

9 to the case the user imregistered to the service server intends to be provided with the digital contents] 

10 servers or the host servers , 

11 The service server [22] can be accessed from the terminal imit [20 by] with the network 

12 access program. When the user [inputs] transmits his , or hen identity characters, the service server 

13 or the host server identifies whether [he] that user is registered by comparing [the input] those 

14 identity characters with the [registered ones. If the user is registered.] identity characters of registered 

15 users that is maintained bv the database. If this user is determined to be registered, no additional key 

16 information is generated by the key information [is not generated additionally.] generator. 

17 If [the input] those identity characters are determined however, to not [to] exist in the 

18 [service] database of the host server [22] or the host server, however, the service server [22 

1 9 recognizes] or the host server will recognize the user as a new member subscriber and [proceeds into 

20 the] proceed to implement a membership registratio n of this user . [ 

21 ] If [the] this user [who wants to get the digital content makes] completes th e process of 
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membership registration, the service server [22] generates the key information or receives the key 
information from the host server [23] and then in step SSI 00 t ransmits [it] the kev information to 
the terminal unit [20] in response to the user's request [(S510), 

The above mentioned] . This key information generated in response to the identity characters 
[is] yyill be maintained valid unless the user [applies] requests the cancellation of hi s, or hen 
membership. 

After [the ] step [of S510] S5100, [the] m step S5200 service server 22 determines whether 
the user's request signal for dovmloading the digital [contents is] content has been received from 
[the] terminal unit 20 [(S520)]. If the request signal for downloading is determined in step S5200 
to [be] have been received, [the] during step S5300 service server 22 generates the [user] user's kev 
bv using the key information, encrypts the temporary validation key by.using the [user] user's key, 
and then [generates] creates the header by.using the [user] user's key and the encrypted temporary 
validation key. [It] In step S5300. service server 22 also generates the copyright protection protocol 
by adding the encrypted digital [contents] content to the header and transmits the protocol to 
terminal unit 20 of the user [(S530). 

] ^After transmitting the digital content to the user, [the] during step S54Q0 service server 
22 transmits the service fee information^ [to] for the cost incurred bv the user in obtaining the digital 
information, to service sanction agent server 24 in order to add [it ] to th e user's account [stored] the 
service fee information. [The service] Service sanction agent server 2 4 then charges the user for the 
digital content fee [he used] incurred by using the [service fee information] system to obtain the 
digital information that was transmitted to terminal unit 20 . 

-70- 



^1 



PATENT 
P55501 

1 Fig. 8 is a flow chart illustrating the operation of the host server [applied to] 23 shown bv 

2 Fig. 3. [ 

3 As shown in Fig. 8] In step S610 , [the] host server 23 determines whether the identity 

4 characters [are received (S6 1 0). 

5 When it is determined] have been received from terminal unit 20. When host server 23 

6 makes a determination that the identity characters [are] have been received, [the received] in step 

7 S620. those identity characters are compared with the identity characters stored in the database ^f 

8 host server 23 in order to determine whether [the] an identica l set of identity characters exist [(S620). 

9 After the above step of S620, the] within the database. After step of S620. if a determination 

10 has been made that an identical set of identity characters is akeadv stored within the database, then 

1 1 during step S630 the corresponding key information stored with [the] those identity characters [are] 

12 is transmitted to [the] service server 22 [when the] . If a determination is made that no identical set 

13 of identity characters [are found (S630), while ] has previously been stored within the database, in 

14 step S640 the key information for the new user is generated [(S640) ] and [then the generated key 

15 information] , in step S6SQ, is stored with the identity characters [(S650) when the identical identity 

16 characters are not foxmd. 

1 7 The step of S5 1 0 carried out] of the new user. 

18 Typically, step S5100 is performed by the service server 22 and [the ] steps of S610 [to] 

19 through S650 are carried out by [the] host server 23 [are carried out in case a1 when the cryptograph 

20 is configured with separate service server 22 and [a host server 23 are provided separately as in Fig. 

21 2. When] host server 23, as is shown in Figs. 3 and 4. When, as is shown in Figs. 1 and 2, only a 
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1 single service sever [ 1 1 ] 12 is provided, [however, the] service server [ 1 1 ] 12 integrally [carries out 

2 the above mentioned] performs these step s in order to generate the key information corresponding 

3 to the user's identity characters and then [transmit] transmits the [generated] key information that 

4 is generated to terminal unit 20 of the user[, which] : these steps are not specifically described since 

5 the processes can be easily inferred from [Fig] Figs . 7 [& 8. 

6 The terminal units 10 and 20 are provided with] and 8. 

7 When provided with the key information together with the dieital information requested bv 

8 the usen terminal unit 10. 20 decrypts the key information and the digital [contents, decrypts them] 

9 . information through the stored decryption algorithm and^ at the same time^ outputs [them] Ae 

10 decrypted digital information to th e either external or internal audio output [device] devices (e.g.. 

1 1 speakers or earphones'} in order to render [them] the decrypted digital information audible to the 

12 user.[ 

13 ] ^Therefore, when illegal copying of [the ] digital [content] information from [the] terminal 

14 unit 10 [and] ^ 20 to [another] some other terminal unit occurs, the absence of the key information 

15 stored w ithin [the] that other terminal unit will disable the process and prevent the encrypted digital 

16 [content] information from being replayed and heard. 

17 [In case the] When a registered user wants to provide another person with [the ] digital 

1 8 [contents, the identication charaters of the another person is] information obtained by the user from 

19 the service server 10. 20. the identification characters of that other person are stored with the 

20 identification [charaters] characters of the registered user. In [thi case] that situation , the encrypted 

2 1 digital [contents are] information is decrypted and replayed with the former identification [charaters] 
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1 characters as well as with the [latter ones, 

2 The fee for the provided digital contents] identification characters of the other person. The 

3 fee incurred in exchange for the digital information provided would be paid by the user registered 

4 [to the] with service server 22.[] 

5 In the functional [aspect] sense , [the] tins digital content [encryption/decryption] cryptograph 

6 serves as an encryption and decryption apparatus [according to] in the practice of the present 

7 invention [can] : the cryptograph may be divided broadly into [the] a device encrypting [the ] digital 

8 [content] information and [the] a device decrypting the encrypted digital [content] information . 

9 Fig. 9 is a schematic block diagram showing the functional structure of the digital [content 

10 encryption apparatus] crvptojog^aph functioning according to the [present invention. 

1 1 The digital content encryption apparatus] principles of the present invention [consists] . The 

12 digital cryptograph of [a] the present invention may be summarized as protocol format [generator] 

13 encoder 30 [and a] operationally connected to protocol format decoder 3 1 . [ 

14 The protocol] Protocol format [generator] encoder 30 generates the copyright protection 

15 protocol format [consisting of] containing the encrypted digital [contents and the] information, 

1 6 together with a header including the information necessary for encrypting and decrypting the digital 

17 [contents] information . [The protocol] Protocol format decoder 31 decrypts and replays the 

18 encrypted digital [contents from] information received in the copyright protection protocol format 

19 [input ] from [the] protocol format [generator] encoder 3 1 [according to] , in accordance with the 

20 header information [of] from th e protection protocol format. 

21 More [particularly] specifically , [the] protocol format [generator] encoder 30 generates the 
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[user] user's key by using the key information generated [corresponding to1 in correspondence with 
the user's identity characters and the key generation algorithm. Then, rit1 protocol format encoder 
30 generates the header to which the [user] user's authorization information with the encrypted 
temporary [validationkey] vaUdation key is added by using the [user] user's key and a hash value 
of the user key. [It] Protocol format encoder 30 also generates the copyright protection protocol 
format by adding the [encrypted ] digital [content] information that has been encrypted [by] with the 
temporary validation key to the header. 

[The protocol] Protocol format decoder 3 1 receives the copyright protection protocol format 
[generated 1 transmitted b v [the] protocol format [generator] encoder 30 [to generatel , generates 
the user key by.usmg the key information, and decrypts the encrypted digital content_by using the 
temporary validation key after decrypting the temporary validation kevbv using the [user] user's key 
[in case the user is identified to] when protocol format encoder 30 has identified the user of the 
terminal unit to be authorized. [It is idenfied through the user authorization information which is 
achieved using the user key] Indication of whether the user is authorize d, as a subscriber registered 
with the database maintained bv the service server, or the host server, is provided bv the user's 
authorization information obtained bv protocol format decoder by employing the user's key to 
determine whether the user is authorized to receive, decode and use the digital information . 

Operation of the protocol format processing system will be described in detail [referring]by 
now turning to [the appended Fig] Figs . 10 [and Fig.] through 16.[ 

] _When the user selects the digital [content he wants to be provided with, the digital content 
encryption apparatus] information that he. or she, wants to obtain, the digital cryptograph of the 
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present invention [forms] arranges the digital [content] information into the protocol format 
described [below] in greater detail in the following paragraphs, and then transmits fit] the protocol 
format to the terminal unit of the user. 

Fig. 1 0 is an illustration of [the] one protocol format as applied to the practice of the present 
invention. The format of one p rotocol for protecting the copyright of digital information [comprises] 
to be transmitted by a service server, may be arranged with a header[, which] that includes 
information for encrypting the digital [contents and ] information [for explaining] and material that 
explains the digital [contens] information , and an encrypted digital [content] information field. [ 

The] Referring additionally now to Fig. 5. to understand the structure of the header [will 
be described in detail referring to Fig. 5. The encrypted digital contents are] recall that the digital 
information requested bv the user is encrypted partly by the user key and the temporary validation 
key so as [not ] to prevent replay [in case of] of the digital information in the absence of the key 
informatio n, such as when the encrypted digital information is obtained bv another entity . 

Fig. 1 1 [, which] illustrates another embodiment [of] for the protocol format [of] , alternative 
to that shown bv Fig. 10, [shows] with the copyright protection protocol including additional fields 
that may be optionally added. A field for indicating the size of [an] the encrypted digital content 
may is inserted between the header and the encrypted digital [content] information field[, which size 
is preferred to be the same as that] : preferably the size of the encrypted digital content is the same 
as the size of the unencrypted digital content field. [ 

]Also, [the] an additional information field [can] may be added to the rear end of the 
encrypted digital [content] information field in order to define the encrypted digital [contents] 
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1 information for [user's] the convenience and easy understandin g by the user . [ 

2 In case] if the digital [content] information is [song data] , for exampl e, a musical song , the 

3 additional information [would] could be various [data] related information such a s the name of the 

4 singer, title of [songs] the song , the playing time, the.title of [albunm] album , the [maker] publisher 

5 of [albunm] album , [publishing date, moving pictures of music video] the publication date of the 

6 song, and if the digital information is a musical video, the additional information could include the 

7 name of the associated motion picture . 

8 The additional information field [is formed] mav be arranged in a [format that] sequence with 

9 the header and the data [are] being arranged in [tumn] turn , so [it can] the format mav be expanded 

10 regardless of the number of additional items of digital informatio n included within the copyright 
u protection protocol . 

12 Fig. 12 illustrates the header field [of Fig] suitable for Figs . 10 and [Fig. ] 11 more 

13 rparticularlv] specifically , [which comprises] with a copyright support information field, an 

14 unencrypted header field and an encrypted header field.[ 

1 5 ] _The copyright support information field includes [the] a copyright support code [showing] 

16 that shows whether the digital [content] information provided by the digital content provider 

17 supports the copyright. [ 

18 ] _If the copyright support code exists in the copyright support information field, the digital 

1 9 [contents] information being provided to the user is recognized as being eligible to be encrypted, and 

20 then decrypted [to] by the user for replay. Otherwis e, if the copyright support code is absent from 

21 the copyright support information field, the digital [content] information is [recognized] identified 
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1 as not being eligible to be unencrypted (e, g,. due to the unregistered status of the recipient of the 

2 digital information) and the decryption process is terminated in order [for] that the digital [contents 

3 to] information can only be replayed without decryptio n (i.e.. replayed in its encrypted state as 

4 noise) . 

5 Fig. 13 [shows] illustrates another embodiment of [the] a header field altematiye to that of 

6 Fig. 12. The header field of Fig. [ 1 2. Fig. 1 1 , which field includes] 13 corresponds to the optionally 

7 added [additional ] field s of the protocol format illustrated by Fig .F 

8 ] 11. A n offset field and a field for indicating the size of the imencrypted header [are] may 

9 be inserted betwee n the copyright support information field and the unencrypted header field. The 

10 offset field provides information about the position of the additional information field: this enables 

11 the additional information field to be accessed without analysis of the header. Also> a field for 

12 indicating the size of the encrypted header is provided in the sequence prior to the encrypted header 

13 field. 

14 Fig. 14 illustrates the format of an unencrypted header field suitable for the header fields of 

15 the alternatives shown bv Figs. 12 and 13. The unencrypted header field may be arranged with a 

16 copyright library version field, a digital conversion format field for indicating the type of the digital 

17 conversion format, a key generation algorithm field for indicating the information on the key 

18 generation algorithm, a digital content encryption algorithm field for indicating the information on 

19 the digital content encryption algorithm, a field for indicating the user's authorization information 

20 at the computer of the user's terminal unit, and a field for indicating the user's authorization 

21 information at the replay device. The digital conversion format field shows which conversion 
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technique was used to convert the digital content into the digital signal. Typical examples of the 
conversion method are MP3 and AAC, The encryption algorithm field may include a hash algorithm 
code, key encryption algorithm code, the size of initial vector (IV\ and information on initial vector 
used for encrypting the digital content. The field for indicating the user's authorization information 
at the computer of the user's terminal unit and the field for indicating the user's authorization 
information at the replay device are the most important components of the header: they serve to 
identify the user's authorization to use the digital information and increase in proportion to the 
number of people who share the encrypted digital information. 

Fig. 15. illustrates another embodiment of the unencrypted header field that is alternative to 
that shown by Fig. 14. This unencrypted header field may optionally include added additional fields, 
such as an identifier of the information provider and the number of users who are sharing the digital 
information. The field for indicating the code of information provider may be inserted between the 
digital content conversion format field and the key generation algorithm field. To the rear end of 
the digital content encryption algorithm field may be added a field indicating the number of users 
sharing the computer at the terminal unit, and a field indicating the number of users sharing the 
replay device. 

Fig. 16 illustrates the detailed structure of the user authorization information fields suitable 
for the unencrypted header fields shown in Figs. 14 and 15. The user authorization information 
fields at the computer of the terminal unit as well as at the replay device, may be arranged with a first 
field that indicates the size of hash value generated by the hash algorithm, a second field that 
indicates a hash value for the user's key, a third field that indicates the size of the resultant value of 
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the encrypted temporary validation key created bv the key encryption algorithm, and a fourth field 
that indicates the resultant yalue of the encrypted temporary validation key. 

Fig. 17 illustrates the details of an arrangement of an encrypted header that is suitable use 
in the header field shown by Figs. 12 and 13. The encrypted header field may be arranged with a 
first field that indicates the basic process unit of the digital content of the information to be furnished 
to the user, a second field that indicates the number of encrypted bytes, a second field that states the 
encrypted fi-ame unit, and a third, or hash value field, that establishes the state of the entire header. 
The basic process unit of the digital information and the number of the encrypted bytes of resulting 
from encryption of the digital information may be assigned by the information provider: however, 
the basic process irnit and the number of encrypted bytes are likely to be set to basic values by a 
basic algorithm bv reference to the processing speed of the terminal unit and a memory that stores 
data for the microprocessor based terminal unit. The hash value in the hash value field indicates the 
hash value of both the copyright support information field and the unencrypted header field[. The 
offset field provides information on the position of the additional information field, which enables 
the additional information field to be accessed without analysis of the header. Also, a field for 
indicating the size of the encrypted header is provided] : that is. the hash value for the fields arranged 
within the header field prior to the encrypted header field. 

Fig. [14 illustrates the unencrypted header field applied to Fig. 12 and Fig. 13. 

The unencrypted header field comprises a copyright library version field, a digital conversion 
format field for indicating the type of] 18 is a flow chart illustrating one method for generating a 
protection protocol during the practice of the present invention. When the digital [conversion 
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1 format, a key] content request signal is received from the user, the temporary validation kev is 

2 generated in step SllO. Then, determination is made of whether the header generation algorithm 

3 [field for indicating the information on the key] defined by the digital content provider exists when 

4 the temporary validation kev is generated in step S 1 20. If the header generation algorithm[, a digital 

5 content encryption algorithm field for indicating the information on] is determined during step 

6 S 120 to be available to the service server, then in step SI 30 the header is generated with the header 

7 generation algorithm defmed bv the digital content [encryption algorithm, a field for indicating the 

8 user authorization information at PC, and a field for indicating the user authorization information 

9 at the replaying device. 

10 The digital conversion format field shows in what conversion method the digital content is 

11 converted into the digital signal. Typical examples of the conversion method are MP3 and AAC, 

1 2 The encryption algorithm field includes hash algorithm code, key encryption algorithm code, 

13 the size of initial vector (IV), the mformation on initial vector used for encrypting the digital 

14 contents. 

15 The field for indicating the user authorization information at PC and the field for indicating 

16 the user authorization information at the replaying device are the most important in the header, 

17 which serve to identify the user's authority to use the digital cotents and increase in proportion to 

18 the number of peaple who share] provider. If the determination establishes that the header 

19 generation algorithm is unavailable to the service server, the header is created in step SI 90 with a 

20 basic value. 

21 After the header is created at either step SI 30 or SI 90. the digital information requested bv 
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the user is encrypted during step SI 40 and the encrypted digital information is then added during 
step S 1 50 to the header generated during either step S 1 30 or S 1 90. When additional information is 
to be proyided to the user, a determination is made in step SI 60 of whether the additional 
information about the digital information combined with the header exists. If. during step S 1 60 the 
additional information is determined to exist, the additional information field is generated during 
step SI 70 and during step SI 80. added to the rear end of the encrypted digital [contents. 

Fig. 15, illustrating another embodiment of the unencrypted header field of Fig. 14, shows 
the unencrypted header field including] information field in order to form the copyright protection 
protocol. The copyright protection protocol is then transmitted to the user who earlier made the 
request for the digital information. The additional information is optionally added [additional fields. 

A field for indicating the code of digital content proyider is inserted between the digital 
content conyersion format field and the key generation algorithm field. To the rear end of the digital 
content encryption algorithm field can be added a field of the number of users sharing the PC, a field 
of the number of users sharing the replaying device. 

Fig. 16 illustrates the detailed structure of the user authorization information fields applied 
to Fig. 14 and Fig. 15. 

The user authorization information fields at PC and at the replaying device comprise a field 
for indicating the size of hash value generated by hash algorithm, a field for indicating a hash value 
of the user key, a field for indicating the size of resultant value of the encrypted temporary validation 
key generated by key encryption algorithm, and a field for indicating the resultant value of the 
encrypted temporary validation key. 
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1 Fig. 17 is a drawing illustrating the detailed header applied to Fig. 12 and Fig. 13. 

2 The encrypted header field comprises a field for indicating the basic process unit of the 

3 digital contents, a field for indicating the number of the encrypted bytes, a field for indicating the 

4 encrypted frame unit, and a hash value field for determining the state of entire header. 

5 The basic process unit of the digital contents and the number of the encrypted bytes can be 

6 assigned] to the digital information by the information provider[. However, they are possibly set the 

7 basic values by a basic algorithm referring to the processing speed of a terminal unit and a memory. 

8 A hash value in the hash value field indicates a hash value of both the copyright support 

9 mformation field and the imencrypted header field, i.e., a hash value of the fields prior to the 

10 encrypted header field within the header field. 

1 i Fig. 1 8] when the provider would like to make some additional explanation about the digital 

12 content to the user. The additional information processing steps mav be added selectively bv the 

13 service provider. 

14 Fig. 19 is a flow chart illustrating the method of generating the [protocol] header applied to 

1 5 [the present invention. 

16 When] Fig. 18. 

1 7 A copyright support information field, describing whether the digital content [request signal 

18 is input from the user, the temporary validation key is generated (SI 10). Then, it is determined 

1 9 whether the header] provided is under the protection of copyright and a field for indicating the size 

20 of unencrypted header are generated and added to the header (S210). An unencrypted header field 

21 is also generated and added to the header (S220), which field includes the version information, a type 
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1 of music, the code of service provider supporting the copyright, hash algorithm, key generation 

2 algorithm [defined] , and digital content encryption algorithm. 

3 If the additional information field of the digital content exists, information on the starting 

4 point of the additional information field can be also added to the header. 

5 At the step of S220 that a part of the header part is constructed, the user authorization 

6 information is generated using the key information the user has and the generated user authorization 

7 information is added to the header fS240). Following the step of S240. the encrypted header 

8 information is generated (S250V 

9 The header information includes information necessary for encryption of the digital content 

10 such as size of the encrypted block, encryption period and encrypted firame unit, etc. The header 

11 information is also generated to include the hash value by applying the whole header to the hash 

12 algorithm, with which value the change of header information can be determined. 

13 The header information generated at the step of S250 is encrypted (S260) and then the 

14 information on the encrypted header and the size of the encrypted header is added to the header 

15 (S270\ so that generated is the header added to the fi-ont end of the encrypted digital content 

16 transmitted to the user. 

17 In case the encryption algorithm provided by the digital content provider exists [when] 

18 fS260). the header information is encrypted by the encryption algorithm and the temporary 

19 validation key [is generated (S 120). 

20 In case of existence of the header generation algorithm at the determination step of S 1 20, the 

21 header is generated by the header generation algorithm defined by the digital content provider 
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1 (S130). In case of non-existence of the header generation algorithm, the header is generated in a 

2 basic value (SI 90). 

3 After the header is generated at the step of SI 30 or SI 90, the digital content is encrypted 

4 (S140) and then added to the header generated at the step of S130 or S190 (S150). 

5 In case that the additional] . Otherwise the header information is [provided, it is determined 

6 whether the additional information to the digital contents combined with the header exists (S 160). 

7 If the additional information is determined to exist at the step of SI 60, the additional information 

8 field is generated (SI 70) and added to the rear end of the encrypted digital content (SI 80) to form 

9 the copyright protection protocol. The copyright protection protocol is then transmitted to the user 

10 who want the digital contents. 

1 1 The additional information to the digital contents is added optionally by the provider when 

12 the provider would like to make an additional explanation about the digital contents to the user. The 

13 additional information processing step of S220 can be added selectively by the service provider. 

14 Fig. 19] encrypted bv the basic algorithm and the temporary validation key. 

15 Fig. 20 is a flow chart illustrating the method of generating the [header applied to Fig. 1 8. 

1 6 The copyright support information field, describing whether the digital contents provided is 

17 under the protection of copyright, and a field for indicating the size of unencrypted header are 

1 8 generated and added to the header (S2 1 0). The unencrypted header field is also generated and added 

19 to the header (S220), which field includes the version information, a type of music, the code of 

20 service provider supporting the copyright, hash algorithm, key generation algorithm, and digital 

21 content encryption algorithm. 
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1 If the additional information field of the digital contents exists, information on the starting 

2 point of the additional information field can be also added to the header. 

3 At step of S220 that a part of the header part is constructed, the user authorization 

4 information is generated using the key information the user has and the generated user authorization 

5 information is added to the header (S240). Following the step of S240, the encrypted header 

6 information is generated (S250). 

7 The header information includes information necessary for encryption of the digital content 

8 such as size of the encrypted block, encryption period and encrypted firame unit, etc. The header 

9 information is also generated to include the hash value by applying the whole header to the hash 

10 algorithm, with which value the change of header information can be determined. 

11 The header information generated at the step of S250 is encrypted (S260) and then the 

12 information on the encrypted header and the size of the encrypted header is added to the header 

13 (S270), so that generated is the header added to the front end of the encrypted digital content 

14 transmitted to the user. 

15 In case the encryption algorithm provided by the digital content provider exists (S260), the 

16 header information is encrypted by the encryption algorithm and the temporary validation key. 

1 7 Otherwise the header information is encrypted by the basic algorithm and the temporary validation 

18 key. 

19 Fig. 20 is a flow chart illustrating the method of generating the ] user authorization 

20 information applied to Fig, 19, which describe in more detail the method of generating the 

21 encryption key information at the step of S230 of Fig. 1 9. 
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It is determined whether the key information or the temporary validation key exists (S3 10). 
The user key is generated by applying the key information to the key generation algorithm when it 
is determined that the key information and the temporary validation key exist at the step of S3 10 
(S320). 

A hash value is calculated by applying the user key generated at the step of S320 (S330) to 
hash algorithm, and then the temporary validation key is encrypted using the key encryption 
algorithm and the generated user key (S340). At the NO determination of step [of] S3 1 0, the process 
is terminated (S350) with output of message of error when the key information or the temporary 
validation key is determined not to exist. 

[Fig. 21 is] Figs. 21A-21B provide a flow chart illustrating the method of decrypting and 
replaying the encrypted digital content according to the present invention. 

. First it is determined whether the kev information or the digital [contents according to the 
present invention. 

First, it is determined whether the key information or the digital contents] content received 
from the digital content provider exists (S410). The header of the digital [contents] content is read 
when either the digital content or the key information is determined to exist (S41 5), and the process 
is recognized to be an error and terminated when the digital [contents] content and the key 
information do not exist (S480). 

It is determined whether the header read at the step of S415 includes the copyright support 
code, that is to say, whether the digital content supports the copyright (S420). 

If the copyright support code is determined to exist, the digital [contents] content are 
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1 recognized to be protected by copyright and the read unencrypted header information is stored at a 

2 memory as a predetermined variable (S425). 

3 If the copyright support code is determined not to exist, that is, the digital [contents] content 

4 are not protected by copyright, the digital [contents] content is recognized to be an error in the 

5 decryption process. Then the decryption process is no longer carried out and the received digital 

6 [contents] content are decoded and output, not passing through decryption process. 

7 When the digital content is determined to be supported by copyright, the user key is 

8 generated using the key information and then the hash value of the generated user key is calculated 

9 (S430). 

10 It is determined whether the calculated hash value of the user key is identical with a hash 

1 1 value of the user key in the header (S435). 

1 2 When the calculated hash value of the user key is determined to coincide with the hash value 

13 of the user key in the header, the user is recognized to be authorized and the temporary validation 

14 key is decrypted using the user key (S440). The encrypted header is decrypted using the decrypted 

15 temporary validation key (S445). The hash value of the entire header, which is served as a reference 

16 value for determination the change of the entire header, is calculated by applying the entire header 

17 to a hash algorithm (S450). 

18 At the NO determination of step [of] S435[, the] a message [of] such as "Not authorized''^ 

19 is output (S485) and the entire digital content decryption process is terminated when the calculated 

20 hash value of the user key is determined not to be identical with the hash value of the user key in the 

21 header. 
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1 The change of the header is determined according to the hash value of the entire header 

2 (S455). In case the header is determined not to be changed, the encrypted digital [contents] content 

3 are decrypted [(S455)] (S460V 

4 It is then determined whether additional information exists (S465). The digital [contents] 

5 content are replayed if the additional information is [not] determined not to exist (S470). The 

6 additional information is processed (S475) and then replayed (S470) when the additional information 

7 is determined to exist [(S475)]. 

8 When the header is determined to be changed at the step of S455, the user is recognized not 

9 to be authorized so that the decryption process is terminated for the user not to replay the digital 

10 [contents] content (S490), 

1 1 Fig. 22 illustrates schematically the structure of the replaying device applied to [Fig. 1 and 

12 Fig. 31 Figs. 1-4 . 

1 3 Memory 300 includes a driving algorithm for the entire system and a plurality of algorithms 

14 for decrypting the encrypted digital [contents] content. Memory 300 stores in itself the received key 

15 information and digital content data in response to the writing signal and outputs the stored key 

16 information and digital content data in response to the reading signal. Memory 300 is preferred to 

17 be a flash memory. 

1 8 Microcomputer 320 receives the key information and digital content data to store in memory 

19 300, decrypts the encrypted digital [contents] content by the algorithm stored in memory 300 and 

20 then outputs them according to the key signal input from the user key input device 330. At the same 

21 time, it controls display 340 to display the present state of the apparatus. 

-88- 



PATENT 
P5550I 

1 Microcomputer 320 generates the user key through the user authorization information of the 

2 header using the key information stored in memory 300 according to the algorithm, which is also 

3 stored in memory 300, when the input digital [contents] content are encrypted. Also, microcomputer 

4 320 decrypts the temporary validation key included in the user authorization information of the 

5 header using the generated user key. The encrypted digital [contents] content are decrypted using 

6 the decrypted temporary validation key to be output. 

7 When the unencrypted digital [contents] content are received, microcomputer 320 replays 

8 and outputs the digital [contents] content without decrypting them.[ 

9 ] ^Decoder 350 decodes the digital [contents] content output from microcomputer 320 to 

10 output m audio signal. Decoder 350 is preferred to be an MPEG decoder. 

1 1 [Fig. 23 is] Figs. 23A-23B provide a flow chart illustrating the method of decryptmg the 

12 encrypted digital [contents in case] content when the encrypted digital [contents] content are input 

13 from tfie PC to the replaying device constructed as in Fig, 22 [. 

14 ] ^Microcomputer 320 determines whether the key information is input fromtfie PC (S510) 

15 and stores the input key information in memory 300 when the key information is determined to be 

16 input (S5 15). 

17 After storing the key information in memory 300, microcomputer 320 determines whether 

18 the encrypted digital [contents] content are input from the PC (S520), When the encrypted digital 

19 [contents] content are determined to be input at the step of S520, microcomputer 320 stores the 

20 digital [contents] content in memory 300 and then reads the header from the digital [contents] 

21 content according to the decryption algorithm stored in memory 300 after the transmission process 
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1 is completed (S525). When the encrypted digital [contents] content are determined not to be input, 

2 they are recognized as an error (S580) and the decryption process is terminated. 

3 Next, microcomputer 320 determines whether the copyright support code exists in the header 

4 of the read digital [contents] content (S530). [ 

5 ] _If the copyright support code is determined to exist, the digital [contents] content are 

6 recognized to be protected by copyright and the read unencrypted header information is stored at 

7 memory 300 as a predetermined variable (S535).[ 

8 ] _When the digital [contents] content is determined to be protected by copyright, 

9 microcomputer 320 generates the user key using the key information and the key generation 

10 algorithm. Microcomputer 320 calculates a hash value of the generated user key by hash algorithm 

1 1 stored in memory 300 (S540). 

12 Next, microcomputer 320 determines whether the calculated hash value of the user key is 

13 identical with a hash value of the user key in the user authorization information of the header 

14 (S545).[ 

15 ] _When the calculated hash value of the user key is determined to coincide with the hash 

16 value of the user key m the header, the user is recognized to be authorized and the temporary 

17 validation key is decrypted using the user key (S550). The encrypted header is decrypted using the 

18 decrypted temporary validation key (S555). 

19 At the NO determination of step [of] S545, a message of "Not authorized" is output [8590] 

20 and the decryption process is terminated when the calculated hash value of the user key is 

21 determined not to be identical with the hash value of the user key in the header. 
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[It is determined according to] A determination is made in accordance with the hash value 
of the entire header whether the entire header is changed in order to determine whether the user is 
authorized to decrypts and replay the digital [contents] content [(S455)]. The hash value is calculated 
by applying the entire header to hash algorithm (S560). 

The change of the entire header is determined according to whether the hash value of the 
entire header calculated at the step of S560 is identical with a hash value of the entire header stored 
in the header (S565). 

[In case] When the header is determined not to be changed, that is, the hash value of the 
entire header calculated at the step of S560 is identical with the hash value of the entire header stored 
in the header, the encrypted digital [contents] content are decrypted (S570)[. The additional 
information is processed] and then replayed [in case the additional information does not exist] 
(S575). 

When the header is determined to be changed at the step of S565, that is, the calculated hash 
value of the entire header is not identical with the hash value of the entire header stored in the 
header, the user is recognized not to be authorized so that the decryption process is terminated for 
the user not to replay the digital [contents] content (S585). 

In the present invention, the supplied [encrypt] encrypted digital [content cannot] information 
may not be replayed without the [supply] use of the decoding algorithm and the key information. 
Therefore, when the digital [content] information is illegally copied, it [cannot] may not be 
replayed[, preventing] . This discourages illegal [copy] copying, distribution, publication and 
unauthorized distribution[. This will prevent] . and minimizes the risk of significant loses for the 
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information p rovider of the digital [content] information that may be caused by illegal copying and 
unauthorized distribution [while forcing] . Moreover, this systems encourages the user to acquire 
the digital [content] information via a legitimate route. 

While this invention has been described in connection with what is presently considered to 
be the most practical and preferred embodiment, it is to be understood that the invention is not 
limited to the disclosed embodiments, but, on the contrary, is intended to cover various 
modifications and equivalent arrangements included within the spirit and scope of the appended 
claims. 
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AMENDED CLAIMS 

Please amend claims 20-25 and 33, as follows: 

20. (Amended) A digital content encryption and decryption apparatus of [the] a digital 
content transmission system comprising; 

a protocol format generator located at a server location, said protocol format generator 
generating a copyright protection protocol in response to identity characters of a user transmitted to 
said server location from a terminal unit , said copyright protection protocol including a header and 
digital contents, said digital contents being encrypted, said header having information for decrypting 
and explaining the digital contents; and 

a protocol format decoder located at said terminal unit said protocol format decoder having 
a decryption algorithm, said protocol format decoder decrypting and replaying the digital contents 
according to the information of the header received from the protocol format generator. 

2 1 . (Amended) The apparatus of claim 20, wherein the protocol format generator generates 
a user key by adding key information to a key generation algorithm and calculates a hash value by 
adding the user key to a hash algorithm, said protocol format generator encrypting a temporary 
validation key by using the user key, said header including user authorization information with the 
hash value and the encrypted temporary validation key, said key information being formed to 
correspond to said identity characters of [a] the user. 
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1 22. (Amended) The apparatus of claim 20, wherein the protocol format decoder generates 

2 a user key by adding key information to a key generation algorithm and decrypts a temporary 

3 validation ke y, transmitted within said copyright protection protocol, by using the user key, said 

4 protocol format decoder decrypting the encrypted digital contents with the temporary validation key, 

5 said key information being formed to correspond to said identity characters of [a] the user. 



1 ' 23. (Amended) A digital content encryption and decryption apparatus of [the] a digital 

2 content transmission system comprising: 

3 a protocol format generator located at a server location, said protocol format generator 

4 generating a copyright protection protocol by generating key information using random numbers. 

5 said key information corresponding to identity characters of a user transmitted to said server location 

6 from a terminal unit, said copyright protection protocol including a header and encrypted digital 

7 information added to the header: 

8 said protocol format generator applying said key information to a key generating algorithm 

9 to generate a user key utilized to generate a temporary validation key, said temporary validation key 

10 being encrypted to generate user authorization information, said header including said user 

11 authorization information: 

1 2 a protocol format decoder for copyright protection located at said terminal unit , said protocol 

13 format decoder receiving and storing said key information [having decryption algorithm] and 

14 receiving said copyright protection protocol [including encrypted digital contents, said protocol 

1 5 format decoder decrypting the copyright protection protocol using the decryption algorithm and key 

-94- 



PATENT 
P55501 

16 information to replay the encrypted digital contentsliand 

17 said protocol format decoder generating a second user key in response to the received key 

18 information, analyzes said user authorization information in response to said second user key to 
!9 determine whether the terminal unit is authorized to receive said encrypted digital information, and 

20 when said terminal unit is authorized to receive said encrypted digital information, utilyzing said 

21 second user key to decrypt said temporary validation key from said user authorization information. 

22 the decrypted temporary validation key being used to decrypt said encrypted digital information . 

1 24. (Amended) The apparatus of claim 23, wherein the protocol format decoder generates 

2 [a] said second user key by adding the stored key information to a second key generation algorithm 

3 [and decrypts a temporary validation key from user authorization information by using the user key, 

4 said protocol format decoder decrypting the encrypted digital contents with the temporary validation 

5 key, said user authorization information being included in the copyright protection protocol], 

1 25 . (Amended) A copyright protection protocol for protecting copyright of digital contents^ 

2 said protocol including a header and the digital contents, said digital contents being encrypted, said 

3 header [having information] including key data for decrypting the digital content s, said key data 

4 being randomly generated in response to identity characters of a user transmitted to a host server 

5 from a terminal unit, wherein said terminal unit receives said protocol from said host server and 

6 replays said digital contents by decrypting the encrypted digital contents in response to the key data . 

-95- 



PATENT 
P55501 

33. (Amended) The protocol format of claim 27 or 28, wherein the encrypted header field 
comprises a field for encryption algorithm of the digital content, a field for indicating a basic process 
unit of the digital content, a field for indicating the number of encrypted byte, and a hash value field 
for a hash value for determining [the] a state of the entire header. 
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